Posted
by
msmash
on Monday September 18, 2017 @11:20AM
from the tightening-bolts dept.

Fake "virus scanning" apps have plagued the iOS App Store for a while, and Apple seems to finally be banning them once and for all in updated developer guidelines it published last week. From a report: The updated developer guidelines, compiled by Paul Hudson over at Hacking With Swift, now includes a ban on apps that claim to "including content or services that it does not actually offer" -- something that includes any iOS virus scanning apps, seeing as it wasn't possible to scan for viruses on iOS with third party apps, since iOS's sandboxing prevents applications from directly interacting with each other or the core of the iOS operating system.

One possible reason - compliance. Many frameworks explicitly call for anti virus software, if you don't have it then you can't get certified. Meaning less secure platform would be used because it has AV to checkbox the requirement.

Virus scanners have never been possible on iOS due to each app not bring able to read the disk folders of other apps. So why have Apple been approving apps that claim to do so for years?

How about they automate the app approval process? I know, it is a cheap way to do, but that's the only reason I can think of to bypass their approval as long as the app follows all the guidelines (not trigger any error/warning in the detection process). Also, Apple hopes that people would submit a complaint if they find something wrong -- another cheaper way to operate and manage their app.

Fraud can be notoriously difficult to litigate. For instance, a bunch of antivirus apps on iOS would allow you to open an attachment in the app (say, a PDF), and it would scan the file. While it couldn't do more than that, it would likely survive a fraud accusation unless the vendor description was extravagantly inaccurate.

Apple hasn't historically checked if an application was fit for the purpose - they didn't evaluate if a product was a good one. They were interested in things like:

- Does it replicate built-in functions?- Is it buggy?- Does it contain malware?- Does it conform to application UI design standards?

The criteria by which they review an application mostly closes the door on the question of fraud. This is in the grey area, and so they're finally addressing it.

We will no longer support software in our store due to customer complaints.

This includes the recently popular book apps "How to flush away your money problems" (translated) and "How to upload python libraries when somebody already used that name". However, "How to screw the customer with Digital Rights Management" will still be available (free for all members of W3C).